
CSF Rsync not working with csf enabled

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Jun 5, 2016.

  1. pamamolf

    pamamolf Premium Member

    Hi

    I have a server 2 that has a simple rsync script that syncs a folder from server 1 to a folder on server 2.

    But when I enable the csf firewall on server 2, it is not working :(

    When I disable it, everything works fine.

    Any ideas?


    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    if you changed sshd ports on either source or destination, then the ports need to be whitelisted on both servers' firewalls
     
  3. SeaTea

    SeaTea Member

    Just add the IP address of the other server in 'csf.allow' if you don't want to open ports for everyone.
    If you don't want all ports open for another host, just open one port.
    Code (Text):
    tcp|in|d=12345|s=52.1.2.3


    In this example you only open port 12345 for source-ip 52.1.2.3

    I am using csf together with lfd (which watches files and suspicious log activity). I control both via webmin, which has a good web interface for it. This is sometimes handy if I do not have an ssh client available.
     
  4. eva2000

    very nice tip regarding csf firewall @SeaTea (y)
     
  5. pamamolf

    Thanks @SeaTea :)

    Yes, I use custom ports :)

    Let's say main server 1 uses port 1000 for ssh and IP 123.456.789.000, and server 2 (the one where I run the script, which connects to the main server) uses ssh port 1111 and IP 111.222.333.444. Then should I use:

    server 1 edit csf.allow:
    Code:
    tcp|in|d=1111|s=111.222.333.444
    and

    server 2 edit csf.allow:
    Code:
    tcp|in|d=1000|s=123.456.789.000
    Correct ?
     
  6. eva2000

  7. pamamolf

    Confused :(

    So do I need to enable two rules on each server?

    One for incoming and one for outgoing?

    like:

    server 1 edit csf.allow:
    Code:
    tcp|in|d=1111|s=111.222.333.444
    tcp|out|d=1111|s=111.222.333.444


    and

    server 2 edit csf.allow:
    Code:
    tcp|in|d=1000|s=123.456.789.000
    tcp|out|d=1000|s=123.456.789.000
    ?
     
  8. pamamolf

    Actually, if these settings allow only the specified IP to connect to the ssh port, then that is not what I want :(

    I just need both servers to use their existing ssh ports and let anyone use the ports as it is now.

    Also, it should work, as I have the port open in TCP_IN and TCP_OUT in the csf config file, but it doesn't work :(

    I also added the IP of server 1 to the csf allow file on server 2 to avoid any IP blocks, and the opposite...
     
    Last edited: Jun 6, 2016
  9. eva2000

    then my original suggestion stands: open TCP_IN/OUT for the ports rsync connects to
    pay attention to the examples and s= vs d= for source and destination

    check /var/log/messages for diagnostic info on what is being blocked
     
  10. pamamolf

    OK, I found that the rsync port is 873 using:

    Code:
    grep rsync /etc/services
    So if I enable this port for tcp/udp in/out on the firewall, it may work?

    I don't see the reason to open an extra port....

    I prefer to use the default ssh ports and not 873 :(

    So is this ok?

    server 1 edit csf.allow:
    Code:
    tcp|in|d=1000|s=111.222.333.444
    tcp|out|d=1111|s=111.222.333.444

    and

    server 2 edit csf.allow:
    Code:
    tcp|in|d=1111|s=123.456.789.000
    tcp|out|d=1000|s=123.456.789.000
     
    Last edited: Jun 6, 2016
  11. eva2000

    I've never had to open port 873 for rsync to work once I set up csf whitelisted ports
     
  12. pamamolf

    Yes, but the new ssh port was already changed using the Centminmod menu, and it auto-adds the new port to the csf config file...

    But this is not enough for rsync to work :(

    Each server has its own new ssh port open in the csf config file.

    Or do you mean to also add the server 2 ssh port to the server 1 csf config file, and the opposite?
     
  13. eva2000

    centmin.sh menu option to change sshd port only adds the new port's whitelisting for TCP_IN (inbound); it does not add whitelisting for the port on TCP_OUT (outbound) on the same server and does not set it up on the destination server's csf firewall for TCP_IN (inbound)

    both source and destination servers need their respective CSF firewall's port whitelisting for their respective directions of rsync communication's destination and source ports
    Code (Text):
    server1 (sshd port XX)
    server2 (sshd port YY)
    
    server1 TCP_OUT (port YY) ==> server2 TCP_IN (port YY)
    server2 TCP_OUT (port XX) ==> server1 TCP_IN (port XX)
    
     
    Last edited: Jun 6, 2016
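
An added example, not part of any post in this thread: a POSIX shell check of the XX/YY direction mapping in the post above, run against two constructed csf.conf excerpts. Ports 1000 and 1111 are the thread's example values; the function names and the sample port lists are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check the four TCP_IN/TCP_OUT entries
# that the XX/YY mapping requires. Function names are hypothetical.

# Constructed csf.conf excerpts. Each server lists its own sshd port inbound
# (thread example values: server1 = 1000, server2 = 1111).
server1_conf='TCP_IN = "20,21,25,53,80,443,1000"
TCP_OUT = "20,21,25,53,80,443"'
server2_conf='TCP_IN = "20,21,25,53,80,443,1111"
TCP_OUT = "20,21,25,53,80,443,900:1100"'

# port_allowed CONF_TEXT KEY PORT: succeeds if PORT is listed in KEY, either
# as a single port or inside a lo:hi range. The body runs in a subshell so
# the IFS change does not leak into the caller.
port_allowed() (
    list=$(printf '%s\n' "$1" |
        sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" |
        head -n 1 | tr -d ' ')
    IFS=','
    for item in $list; do
        case $item in
            *:*) [ "$3" -ge "${item%%:*}" ] && [ "$3" -le "${item##*:}" ] && exit 0 ;;
            "$3") exit 0 ;;
        esac
    done
    exit 1
)

# audit_pair S1_CONF S1_SSHD_PORT S2_CONF S2_SSHD_PORT: prints every entry
# the mapping needs but the configs lack, as server:LIST:port.
audit_pair() {
    missing=""
    port_allowed "$1" TCP_IN  "$2" || missing="$missing server1:TCP_IN:$2"
    port_allowed "$1" TCP_OUT "$4" || missing="$missing server1:TCP_OUT:$4"
    port_allowed "$3" TCP_IN  "$4" || missing="$missing server2:TCP_IN:$4"
    port_allowed "$3" TCP_OUT "$2" || missing="$missing server2:TCP_OUT:$2"
    printf '%s\n' "${missing# }"
}

audit_pair "$server1_conf" 1000 "$server2_conf" 1111
```

In the constructed data, server2 already covers port 1000 outbound through the 900:1100 range, so only server1's outbound entry for 1111 is reported.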
  14. pamamolf

    Server1 then:
    Code:
    TCP_IN 1000
    TCP_OUT 1111
    and

    server2 :
    Code:
    TCP_IN 1111
    TCP_OUT 1000
    Don't say that I didn't get it now :)
     
    Last edited: Jun 6, 2016
  15. pamamolf

    Didn't see your edit with the sample when I posted it :)

    I think that my example above will work :)
     
  16. YuchiRO

    YuchiRO Member

    I made the same config as eva2000 suggested:

    sv1 - ssh 1111 ip 1.1.1.1
    sv2 - ssh 2222 ip 2.2.2.2

    CSFallow sv1
    tcp|in|d=1111|s=2.2.2.2
    tcp|out|d=2222|s=2.2.2.2

    CSFallow sv2
    tcp|in|d=2222|s=1.1.1.1
    tcp|out|d=1111|s=1.1.1.1

    and csf -r on both servers, but I can't rsync. So, what am I missing?
     
  17. eva2000

    check for clues in /var/log/lfd.log and /var/log/messages for entries related to your servers' IPs

    what rsync command and errors?
     
  18. YuchiRO

    rsync -avz --progress -e "ssh -p 1111" root@1.1.1.1:/home/nginx/domains/domain.com/public/* .

    ssh: connect to host 1.1.1.1 port 1111: Connection timed out
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: unexplained error (code 255) at io.c(605) [Receiver=3.0.9]
     
  19. eva2000

    1. check for clues in /var/log/lfd.log and /var/log/messages for entries related to your servers' IPs
    2. check if either server's IP is blocked in the respective csf firewall via grep command
    Code (Text):
    csf -g ipaddress

    3. can you ssh into the other server and vice versa, from one server to another?
     
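
An added example, not part of any post in this thread: step 1 of the checklist above as a POSIX shell function that summarises firewall drops involving the other server, so the chain name (TCP_IN or TCP_OUT) and destination port show which side's rule is missing. The log lines are constructed, the `Firewall: *TCP_OUT Blocked*` prefix is assumed to be csf's default log prefix, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): summarise firewall drops that involve
# the peer server, from kernel log lines such as those in /var/log/messages.

# Constructed log lines as they might appear on sv2 (2.2.2.2). The
# "Firewall: *... Blocked*" prefix is an assumption about csf's default;
# SRC=/DST=/DPT= are the standard netfilter LOG fields.
sample_log='Jun  6 20:01:11 sv2 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=2.2.2.2 DST=1.1.1.1 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=1111 SYN
Jun  6 20:01:12 sv2 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=203.0.113.9 DST=2.2.2.2 LEN=40 TTL=242 PROTO=TCP SPT=40022 DPT=23 SYN
Jun  6 20:01:14 sv2 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=2.2.2.2 DST=1.1.1.1 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=1111 SYN
Jun  6 20:01:15 sv2 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=11.1.1.10 DST=2.2.2.2 LEN=40 TTL=50 PROTO=TCP SPT=40100 DPT=2222 SYN'

# blocked_for_peer LOG_TEXT PEER_IP: prints "<chain> dport=<port> x<count>"
# for every distinct drop whose source or destination is exactly PEER_IP.
blocked_for_peer() {
    printf '%s\n' "$1" | awk -v peer="$2" '
        index($0, "Blocked*") == 0 { next }
        {
            chain = ""; src = ""; dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\*[A-Z0-9]+_(IN|OUT)$/) chain = substr($i, 2)
                else if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Compare whole addresses: a plain substring search for 1.1.1.1
            # would also match the unrelated 11.1.1.10 line above.
            if (src == peer || dst == peer) count[chain " dport=" dpt]++
        }
        END { for (k in count) print k " x" count[k] }' | sort
}

blocked_for_peer "$sample_log" 1.1.1.1
```

A TCP_OUT entry on the connecting server means its own outbound rules dropped the packet before it left; a TCP_IN entry on the receiving server means the inbound rule there is the missing one.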
  20. eva2000

    were these added to /etc/csf/csf.allow ?